00570cda65504949c9e47e4901c7b503c13b0c981d7df20182824ed65c858c39 | Triage

Sharing

General

Target

00570cda65504949c9e47e4901c7b503c13b0c981d7df20182824ed65c858c39.exe
Size

235KB
Sample

220514-q5r2kscebp
MD5

2b68b4ac5925dc134631ff4555c5aea5
SHA1

ed0112fa289ed48c5b541eec39fd1554ae08ab9f
SHA256

00570cda65504949c9e47e4901c7b503c13b0c981d7df20182824ed65c858c39
SHA512

77ce92481066a3a6efd68055b5551562d8997900d65f9b888cd6d3a485aac459b46c0aab2407828e73c28bdcec9bfd2d2ad0933109d9584ed1ee06fb02601803

Score

10^/10

evasion persistence suricata trojan

Malware Config

Targets

- Target
  
  00570cda65504949c9e47e4901c7b503c13b0c981d7df20182824ed65c858c39.exe
- Size
  
  235KB
- MD5
  
  2b68b4ac5925dc134631ff4555c5aea5
- SHA1
  
  ed0112fa289ed48c5b541eec39fd1554ae08ab9f
- SHA256
  
  00570cda65504949c9e47e4901c7b503c13b0c981d7df20182824ed65c858c39
- SHA512
  
  77ce92481066a3a6efd68055b5551562d8997900d65f9b888cd6d3a485aac459b46c0aab2407828e73c28bdcec9bfd2d2ad0933109d9584ed1ee06fb02601803
Score

10^/10

evasion persistence suricata trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- suricata: ET MALWARE Win32/BlackNET CnC Keep-Alive
  suricata: ET MALWARE Win32/BlackNET CnC Keep-Alive
  suricata
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencesuricatatrojan

behavioral2

evasionpersistencesuricatatrojan